2009-05-15 Marcus Brinkmann <marcus@g10code.de>
[gnupg.git] / g10 / rmd160.c
blobf891937073eb19bb627d0a200e69fbccd3e9376d
1 /* rmd160.c - RIPE-MD160
2 * Copyright (C) 1998, 1999, 2000, 2001, 2008 Free Software Foundation, Inc.
4 * This file is part of GnuPG.
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
20 /* For historic reasons gpg uses RIPE-MD160 to to identify names in
21 the trustdb. It would be better to change that to SHA-1, to take
22 advantage of a SHA-1 hardware operation provided by some CPUs.
23 This would break trustdb compatibility and thus we don't want to do
24 it now.
26 We do not use the libgcrypt provided implementation of RMD160
27 because that is not available in FIPS mode, thus for the sake of
28 gpg internal non-cryptographic, purposes, we use this separate
29 implementation.
32 #include <config.h>
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <string.h>
38 #include "../jnlib/types.h"
39 #include "rmd160.h"
42 * Rotate the 32 bit integer X by N bytes.
44 #if defined(__GNUC__) && defined(__i386__)
45 static inline u32
46 rol (u32 x, int n)
48 __asm__("roll %%cl,%0"
49 :"=r" (x)
50 :"0" (x),"c" (n));
51 return x;
53 #else
54 #define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) )
55 #endif
57 /* Structure holding the context for the RIPE-MD160 computation. */
58 typedef struct
60 u32 h0, h1, h2, h3, h4;
61 u32 nblocks;
62 unsigned char buf[64];
63 int count;
64 } rmd160_context_t;
68 static void
69 rmd160_init (rmd160_context_t *hd)
71 hd->h0 = 0x67452301;
72 hd->h1 = 0xEFCDAB89;
73 hd->h2 = 0x98BADCFE;
74 hd->h3 = 0x10325476;
75 hd->h4 = 0xC3D2E1F0;
76 hd->nblocks = 0;
77 hd->count = 0;
83 * Transform the message X which consists of 16 32-bit-words.
85 static void
86 transform (rmd160_context_t *hd, const unsigned char *data)
88 u32 a,b,c,d,e,aa,bb,cc,dd,ee,t;
89 #ifdef BIG_ENDIAN_HOST
90 u32 x[16];
92 int i;
93 unsigned char *p2, *p1;
94 for (i=0, p1=data, p2=(unsigned char*)x; i < 16; i++, p2 += 4 )
96 p2[3] = *p1++;
97 p2[2] = *p1++;
98 p2[1] = *p1++;
99 p2[0] = *p1++;
102 #else
103 u32 x[16];
104 memcpy (x, data, 64);
105 #endif
108 #define K0 0x00000000
109 #define K1 0x5A827999
110 #define K2 0x6ED9EBA1
111 #define K3 0x8F1BBCDC
112 #define K4 0xA953FD4E
113 #define KK0 0x50A28BE6
114 #define KK1 0x5C4DD124
115 #define KK2 0x6D703EF3
116 #define KK3 0x7A6D76E9
117 #define KK4 0x00000000
118 #define F0(x,y,z) ( (x) ^ (y) ^ (z) )
119 #define F1(x,y,z) ( ((x) & (y)) | (~(x) & (z)) )
120 #define F2(x,y,z) ( ((x) | ~(y)) ^ (z) )
121 #define F3(x,y,z) ( ((x) & (z)) | ((y) & ~(z)) )
122 #define F4(x,y,z) ( (x) ^ ((y) | ~(z)) )
123 #define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \
124 a = rol(t,s) + e; \
125 c = rol(c,10); \
126 } while(0)
128 /* Left lane. */
129 a = hd->h0;
130 b = hd->h1;
131 c = hd->h2;
132 d = hd->h3;
133 e = hd->h4;
134 R( a, b, c, d, e, F0, K0, 0, 11 );
135 R( e, a, b, c, d, F0, K0, 1, 14 );
136 R( d, e, a, b, c, F0, K0, 2, 15 );
137 R( c, d, e, a, b, F0, K0, 3, 12 );
138 R( b, c, d, e, a, F0, K0, 4, 5 );
139 R( a, b, c, d, e, F0, K0, 5, 8 );
140 R( e, a, b, c, d, F0, K0, 6, 7 );
141 R( d, e, a, b, c, F0, K0, 7, 9 );
142 R( c, d, e, a, b, F0, K0, 8, 11 );
143 R( b, c, d, e, a, F0, K0, 9, 13 );
144 R( a, b, c, d, e, F0, K0, 10, 14 );
145 R( e, a, b, c, d, F0, K0, 11, 15 );
146 R( d, e, a, b, c, F0, K0, 12, 6 );
147 R( c, d, e, a, b, F0, K0, 13, 7 );
148 R( b, c, d, e, a, F0, K0, 14, 9 );
149 R( a, b, c, d, e, F0, K0, 15, 8 );
150 R( e, a, b, c, d, F1, K1, 7, 7 );
151 R( d, e, a, b, c, F1, K1, 4, 6 );
152 R( c, d, e, a, b, F1, K1, 13, 8 );
153 R( b, c, d, e, a, F1, K1, 1, 13 );
154 R( a, b, c, d, e, F1, K1, 10, 11 );
155 R( e, a, b, c, d, F1, K1, 6, 9 );
156 R( d, e, a, b, c, F1, K1, 15, 7 );
157 R( c, d, e, a, b, F1, K1, 3, 15 );
158 R( b, c, d, e, a, F1, K1, 12, 7 );
159 R( a, b, c, d, e, F1, K1, 0, 12 );
160 R( e, a, b, c, d, F1, K1, 9, 15 );
161 R( d, e, a, b, c, F1, K1, 5, 9 );
162 R( c, d, e, a, b, F1, K1, 2, 11 );
163 R( b, c, d, e, a, F1, K1, 14, 7 );
164 R( a, b, c, d, e, F1, K1, 11, 13 );
165 R( e, a, b, c, d, F1, K1, 8, 12 );
166 R( d, e, a, b, c, F2, K2, 3, 11 );
167 R( c, d, e, a, b, F2, K2, 10, 13 );
168 R( b, c, d, e, a, F2, K2, 14, 6 );
169 R( a, b, c, d, e, F2, K2, 4, 7 );
170 R( e, a, b, c, d, F2, K2, 9, 14 );
171 R( d, e, a, b, c, F2, K2, 15, 9 );
172 R( c, d, e, a, b, F2, K2, 8, 13 );
173 R( b, c, d, e, a, F2, K2, 1, 15 );
174 R( a, b, c, d, e, F2, K2, 2, 14 );
175 R( e, a, b, c, d, F2, K2, 7, 8 );
176 R( d, e, a, b, c, F2, K2, 0, 13 );
177 R( c, d, e, a, b, F2, K2, 6, 6 );
178 R( b, c, d, e, a, F2, K2, 13, 5 );
179 R( a, b, c, d, e, F2, K2, 11, 12 );
180 R( e, a, b, c, d, F2, K2, 5, 7 );
181 R( d, e, a, b, c, F2, K2, 12, 5 );
182 R( c, d, e, a, b, F3, K3, 1, 11 );
183 R( b, c, d, e, a, F3, K3, 9, 12 );
184 R( a, b, c, d, e, F3, K3, 11, 14 );
185 R( e, a, b, c, d, F3, K3, 10, 15 );
186 R( d, e, a, b, c, F3, K3, 0, 14 );
187 R( c, d, e, a, b, F3, K3, 8, 15 );
188 R( b, c, d, e, a, F3, K3, 12, 9 );
189 R( a, b, c, d, e, F3, K3, 4, 8 );
190 R( e, a, b, c, d, F3, K3, 13, 9 );
191 R( d, e, a, b, c, F3, K3, 3, 14 );
192 R( c, d, e, a, b, F3, K3, 7, 5 );
193 R( b, c, d, e, a, F3, K3, 15, 6 );
194 R( a, b, c, d, e, F3, K3, 14, 8 );
195 R( e, a, b, c, d, F3, K3, 5, 6 );
196 R( d, e, a, b, c, F3, K3, 6, 5 );
197 R( c, d, e, a, b, F3, K3, 2, 12 );
198 R( b, c, d, e, a, F4, K4, 4, 9 );
199 R( a, b, c, d, e, F4, K4, 0, 15 );
200 R( e, a, b, c, d, F4, K4, 5, 5 );
201 R( d, e, a, b, c, F4, K4, 9, 11 );
202 R( c, d, e, a, b, F4, K4, 7, 6 );
203 R( b, c, d, e, a, F4, K4, 12, 8 );
204 R( a, b, c, d, e, F4, K4, 2, 13 );
205 R( e, a, b, c, d, F4, K4, 10, 12 );
206 R( d, e, a, b, c, F4, K4, 14, 5 );
207 R( c, d, e, a, b, F4, K4, 1, 12 );
208 R( b, c, d, e, a, F4, K4, 3, 13 );
209 R( a, b, c, d, e, F4, K4, 8, 14 );
210 R( e, a, b, c, d, F4, K4, 11, 11 );
211 R( d, e, a, b, c, F4, K4, 6, 8 );
212 R( c, d, e, a, b, F4, K4, 15, 5 );
213 R( b, c, d, e, a, F4, K4, 13, 6 );
215 aa = a; bb = b; cc = c; dd = d; ee = e;
217 /* Right lane. */
218 a = hd->h0;
219 b = hd->h1;
220 c = hd->h2;
221 d = hd->h3;
222 e = hd->h4;
223 R( a, b, c, d, e, F4, KK0, 5, 8);
224 R( e, a, b, c, d, F4, KK0, 14, 9);
225 R( d, e, a, b, c, F4, KK0, 7, 9);
226 R( c, d, e, a, b, F4, KK0, 0, 11);
227 R( b, c, d, e, a, F4, KK0, 9, 13);
228 R( a, b, c, d, e, F4, KK0, 2, 15);
229 R( e, a, b, c, d, F4, KK0, 11, 15);
230 R( d, e, a, b, c, F4, KK0, 4, 5);
231 R( c, d, e, a, b, F4, KK0, 13, 7);
232 R( b, c, d, e, a, F4, KK0, 6, 7);
233 R( a, b, c, d, e, F4, KK0, 15, 8);
234 R( e, a, b, c, d, F4, KK0, 8, 11);
235 R( d, e, a, b, c, F4, KK0, 1, 14);
236 R( c, d, e, a, b, F4, KK0, 10, 14);
237 R( b, c, d, e, a, F4, KK0, 3, 12);
238 R( a, b, c, d, e, F4, KK0, 12, 6);
239 R( e, a, b, c, d, F3, KK1, 6, 9);
240 R( d, e, a, b, c, F3, KK1, 11, 13);
241 R( c, d, e, a, b, F3, KK1, 3, 15);
242 R( b, c, d, e, a, F3, KK1, 7, 7);
243 R( a, b, c, d, e, F3, KK1, 0, 12);
244 R( e, a, b, c, d, F3, KK1, 13, 8);
245 R( d, e, a, b, c, F3, KK1, 5, 9);
246 R( c, d, e, a, b, F3, KK1, 10, 11);
247 R( b, c, d, e, a, F3, KK1, 14, 7);
248 R( a, b, c, d, e, F3, KK1, 15, 7);
249 R( e, a, b, c, d, F3, KK1, 8, 12);
250 R( d, e, a, b, c, F3, KK1, 12, 7);
251 R( c, d, e, a, b, F3, KK1, 4, 6);
252 R( b, c, d, e, a, F3, KK1, 9, 15);
253 R( a, b, c, d, e, F3, KK1, 1, 13);
254 R( e, a, b, c, d, F3, KK1, 2, 11);
255 R( d, e, a, b, c, F2, KK2, 15, 9);
256 R( c, d, e, a, b, F2, KK2, 5, 7);
257 R( b, c, d, e, a, F2, KK2, 1, 15);
258 R( a, b, c, d, e, F2, KK2, 3, 11);
259 R( e, a, b, c, d, F2, KK2, 7, 8);
260 R( d, e, a, b, c, F2, KK2, 14, 6);
261 R( c, d, e, a, b, F2, KK2, 6, 6);
262 R( b, c, d, e, a, F2, KK2, 9, 14);
263 R( a, b, c, d, e, F2, KK2, 11, 12);
264 R( e, a, b, c, d, F2, KK2, 8, 13);
265 R( d, e, a, b, c, F2, KK2, 12, 5);
266 R( c, d, e, a, b, F2, KK2, 2, 14);
267 R( b, c, d, e, a, F2, KK2, 10, 13);
268 R( a, b, c, d, e, F2, KK2, 0, 13);
269 R( e, a, b, c, d, F2, KK2, 4, 7);
270 R( d, e, a, b, c, F2, KK2, 13, 5);
271 R( c, d, e, a, b, F1, KK3, 8, 15);
272 R( b, c, d, e, a, F1, KK3, 6, 5);
273 R( a, b, c, d, e, F1, KK3, 4, 8);
274 R( e, a, b, c, d, F1, KK3, 1, 11);
275 R( d, e, a, b, c, F1, KK3, 3, 14);
276 R( c, d, e, a, b, F1, KK3, 11, 14);
277 R( b, c, d, e, a, F1, KK3, 15, 6);
278 R( a, b, c, d, e, F1, KK3, 0, 14);
279 R( e, a, b, c, d, F1, KK3, 5, 6);
280 R( d, e, a, b, c, F1, KK3, 12, 9);
281 R( c, d, e, a, b, F1, KK3, 2, 12);
282 R( b, c, d, e, a, F1, KK3, 13, 9);
283 R( a, b, c, d, e, F1, KK3, 9, 12);
284 R( e, a, b, c, d, F1, KK3, 7, 5);
285 R( d, e, a, b, c, F1, KK3, 10, 15);
286 R( c, d, e, a, b, F1, KK3, 14, 8);
287 R( b, c, d, e, a, F0, KK4, 12, 8);
288 R( a, b, c, d, e, F0, KK4, 15, 5);
289 R( e, a, b, c, d, F0, KK4, 10, 12);
290 R( d, e, a, b, c, F0, KK4, 4, 9);
291 R( c, d, e, a, b, F0, KK4, 1, 12);
292 R( b, c, d, e, a, F0, KK4, 5, 5);
293 R( a, b, c, d, e, F0, KK4, 8, 14);
294 R( e, a, b, c, d, F0, KK4, 7, 6);
295 R( d, e, a, b, c, F0, KK4, 6, 8);
296 R( c, d, e, a, b, F0, KK4, 2, 13);
297 R( b, c, d, e, a, F0, KK4, 13, 6);
298 R( a, b, c, d, e, F0, KK4, 14, 5);
299 R( e, a, b, c, d, F0, KK4, 0, 15);
300 R( d, e, a, b, c, F0, KK4, 3, 13);
301 R( c, d, e, a, b, F0, KK4, 9, 11);
302 R( b, c, d, e, a, F0, KK4, 11, 11);
305 t = hd->h1 + d + cc;
306 hd->h1 = hd->h2 + e + dd;
307 hd->h2 = hd->h3 + a + ee;
308 hd->h3 = hd->h4 + b + aa;
309 hd->h4 = hd->h0 + c + bb;
310 hd->h0 = t;
314 /* Update the message digest with the content of (INBUF,INLEN). */
315 static void
316 rmd160_write (rmd160_context_t *hd, const unsigned char *inbuf, size_t inlen)
318 if( hd->count == 64 )
320 /* Flush the buffer. */
321 transform (hd, hd->buf);
322 hd->count = 0;
323 hd->nblocks++;
325 if (!inbuf)
326 return;
328 if (hd->count)
330 for (; inlen && hd->count < 64; inlen--)
331 hd->buf[hd->count++] = *inbuf++;
332 rmd160_write (hd, NULL, 0);
333 if (!inlen)
334 return;
337 while (inlen >= 64)
339 transform (hd, inbuf);
340 hd->count = 0;
341 hd->nblocks++;
342 inlen -= 64;
343 inbuf += 64;
345 for (; inlen && hd->count < 64; inlen--)
346 hd->buf[hd->count++] = *inbuf++;
350 /* Complete the message computation. */
351 static void
352 rmd160_final( rmd160_context_t *hd )
354 u32 t, msb, lsb;
355 unsigned char *p;
357 rmd160_write (hd, NULL, 0); /* Flush buffer. */
359 t = hd->nblocks;
360 /* Multiply by 64 to make a byte count. */
361 lsb = t << 6;
362 msb = t >> 26;
363 /* Add the count. */
364 t = lsb;
365 if ((lsb += hd->count) < t)
366 msb++;
367 /* Multiply by 8 to make a bit count. */
368 t = lsb;
369 lsb <<= 3;
370 msb <<= 3;
371 msb |= t >> 29;
373 if (hd->count < 56)
375 /* Enough room. */
376 hd->buf[hd->count++] = 0x80; /* Pad character. */
377 while (hd->count < 56)
378 hd->buf[hd->count++] = 0;
380 else
382 /* Need one extra block. */
383 hd->buf[hd->count++] = 0x80; /* Pad character. */
384 while (hd->count < 64)
385 hd->buf[hd->count++] = 0;
386 rmd160_write (hd, NULL, 0); /* Flush buffer. */
387 memset (hd->buf, 0, 56); /* Fill next block with zeroes. */
389 /* Append the 64 bit count. */
390 hd->buf[56] = lsb;
391 hd->buf[57] = lsb >> 8;
392 hd->buf[58] = lsb >> 16;
393 hd->buf[59] = lsb >> 24;
394 hd->buf[60] = msb;
395 hd->buf[61] = msb >> 8;
396 hd->buf[62] = msb >> 16;
397 hd->buf[63] = msb >> 24;
398 transform (hd, hd->buf);
400 p = hd->buf;
401 #define X(a) do { *p++ = hd->h##a; *p++ = hd->h##a >> 8; \
402 *p++ = hd->h##a >> 16; *p++ = hd->h##a >> 24; } while(0)
403 X(0);
404 X(1);
405 X(2);
406 X(3);
407 X(4);
408 #undef X
413 * Compines function to put the hash value of the supplied BUFFER into
414 * OUTBUF which must have a size of 20 bytes.
416 void
417 rmd160_hash_buffer (void *outbuf, const void *buffer, size_t length)
419 rmd160_context_t hd;
421 rmd160_init (&hd);
422 rmd160_write (&hd, buffer, length);
423 rmd160_final (&hd);
424 memcpy (outbuf, hd.buf, 20);